Defense in Depth

5-Layer Model, Compartmentalization & Blast Radius Control

Resilience & Infrastructure | Technical Operations Excellence

At a glance: 5 defense layers | 3 compartmentalization strategies | N+2 redundancy for critical systems | 0 single points of failure

5-Layer Defense Model

Layer          | Function        | Example
1. Perimeter   | Edge protection | WAF, firewall
2. Network     | Segmentation    | VLANs, VPCs
3. Host        | Hardening       | Patches, secure configuration
4. Application | Code security   | Input validation
5. Data        | Encryption      | At rest, in transit

An attacker must defeat multiple independent layers for a breach to succeed; no single control is load-bearing.

Compartmentalization Strategies

Strategy            | Description
Role Separation     | Different jobs run as distinct accounts, so compromising one does not yield the others' privileges
Location Separation | Geographic isolation (multi-region), so a regional outage or compromise stays regional
Time Separation     | Regular key and credential rotation, so a stolen secret expires and the attacker must maintain continuous presence rather than reuse it later

Blast Radius Control

Failure Domains

Partition the system into independent copies so a fault in one domain cannot spread to the others

Circuit Breakers

Stop cascading failures at service boundaries: fail fast against a failing dependency instead of piling up retries

Bulkheads

Isolate resource pools (threads, connections, quota) per tenant or service so one consumer cannot exhaust capacity for everyone
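The two boundary controls above, as an added example that is not code from the original page: a circuit breaker that opens after consecutive failures and lets a single probe through once the reset timeout elapses, and a bulkhead that gives each tenant its own bounded slot pool. Class names, thresholds and the constructed flaky backend are assumptions chosen for illustration.

```python
"""Circuit breaker and per-tenant bulkhead. Added example, not code from the
original page: class names, thresholds and the constructed flaky backend are
assumptions used to illustrate the two patterns.
"""
import threading
import time


class CircuitOpenError(Exception):
    """Call rejected because the breaker is open (fail fast, no cascade)."""


class BulkheadFullError(Exception):
    """Tenant's own slot pool is exhausted; other tenants are unaffected."""


class CircuitBreaker:
    """closed -> open after `failure_threshold` consecutive failures;
    open -> half_open once `reset_timeout` has elapsed (one probe call);
    half_open -> closed on success, back to open on failure."""

    def __init__(self, failure_threshold=3, reset_timeout=30.0, clock=time.monotonic):
        self.failure_threshold = failure_threshold
        self.reset_timeout = reset_timeout
        self.clock = clock                 # injectable for deterministic tests
        self.state, self.failures, self.opened_at = "closed", 0, 0.0

    def call(self, fn, *args, **kwargs):
        if self.state == "open":
            if self.clock() - self.opened_at < self.reset_timeout:
                raise CircuitOpenError("dependency isolated; failing fast")
            self.state = "half_open"       # let exactly one probe through
        try:
            result = fn(*args, **kwargs)
        except Exception:
            self.failures += 1
            if self.state == "half_open" or self.failures >= self.failure_threshold:
                self.state, self.opened_at = "open", self.clock()
            raise
        self.state, self.failures = "closed", 0
        return result


class Bulkhead:
    """One bounded slot pool per tenant: a tenant that floods the service can
    only exhaust its own pool, never the capacity serving other tenants."""

    def __init__(self, slots_per_tenant):
        self.slots = slots_per_tenant
        self.pools = {}
        self.lock = threading.Lock()

    def run(self, tenant, fn, *args, **kwargs):
        with self.lock:
            if tenant not in self.pools:
                self.pools[tenant] = threading.BoundedSemaphore(self.slots)
            pool = self.pools[tenant]
        if not pool.acquire(blocking=False):   # never queue: reject immediately
            raise BulkheadFullError(f"tenant {tenant!r} has no free slots")
        try:
            return fn(*args, **kwargs)
        finally:
            pool.release()


def demo_breaker():
    """Constructed backend that fails three times, then recovers.
    Returns the (outcome, breaker state) trace and the number of real calls."""
    now = [0.0]
    cb = CircuitBreaker(failure_threshold=3, reset_timeout=30.0, clock=lambda: now[0])
    calls = [0]

    def flaky_backend():
        calls[0] += 1
        if calls[0] <= 3:
            raise ConnectionError("backend down")
        return "ok"

    trace = []
    for _ in range(5):                     # 3 real failures, then 2 fast rejections
        try:
            trace.append((cb.call(flaky_backend), cb.state))
        except ConnectionError:
            trace.append(("backend_error", cb.state))
        except CircuitOpenError:
            trace.append(("rejected", cb.state))
    now[0] += 31.0                         # reset_timeout elapses; probe goes through
    trace.append((cb.call(flaky_backend), cb.state))
    return trace, calls[0]


def demo_bulkhead():
    """Tenant A holds its only slot; a second A request is rejected while
    tenant B is still served from its own pool."""
    bh = Bulkhead(slots_per_tenant=1)
    seen = {}

    def while_a_holds_slot():
        try:
            bh.run("tenant-a", lambda: "served")
        except BulkheadFullError:
            seen["a_second"] = "rejected"
        seen["b"] = bh.run("tenant-b", lambda: "served")
        return "served"

    seen["a_first"] = bh.run("tenant-a", while_a_holds_slot)
    return seen
```

Note that the breaker counts only consecutive failures and the bulkhead rejects rather than queues: queuing would turn a slow dependency into thread exhaustion, which is exactly the cascade these boundaries exist to stop.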

Access Classification

TierData TypeControls
PublicCompany-wideLow-risk
SensitiveAuthorized onlyMedium-high
Highly SensitiveNo permanent accessMPA required

Redundancy Patterns

Pattern        | Description
N+1            | One spare beyond required capacity, for failover
N+2            | Two spares, so a second failure during maintenance or repair is still survivable (critical systems)
Active-Active  | All replicas serve traffic at once; losing one only reduces capacity
Active-Passive | A standby replica takes over only when the active one fails

N+2 for tier-0 critical systems

Advanced Authorization

  • MPA: Multi-party approval for sensitive operations; the requester cannot approve their own request
  • Temporary Access: Time-bound permissions that expire on their own
  • Business Justification: Tie every grant to a ticket or incident ID
  • Break-glass: Emergency override that bypasses approval but is short-lived and fully audited
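The access tiers and the authorization controls above combined into one decision routine, as an added example that is not the page's own code: the tier names follow the page, while AccessRequest, Authorizer, the number of approvers per tier, the TTL limits, the ticket-ID format and the audit record layout are assumptions chosen for illustration.

```python
"""Tiered access decisions with MPA, time-bound grants, justification and
break-glass. Added example, not the page's own code: the tier names follow
the page; AccessRequest, Authorizer, the approver counts, TTL limits and the
ticket-ID format are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Controls per tier (assumed numbers): approvers needed beyond the requester,
# and the longest grant allowed. max_ttl None = standing access permitted.
TIER_CONTROLS = {
    "public":           {"approvers": 0, "max_ttl": None},
    "sensitive":        {"approvers": 1, "max_ttl": timedelta(hours=8)},
    "highly_sensitive": {"approvers": 2, "max_ttl": timedelta(hours=1)},  # MPA
}
JUSTIFICATION_RE = re.compile(r"(INC|TKT)-\d+")   # assumed ticket/incident ID form
BREAKGLASS_TTL = timedelta(minutes=30)


@dataclass(frozen=True)
class AccessRequest:
    requester: str
    resource: str
    tier: str
    justification: str = ""
    ttl: Optional[timedelta] = None           # None = permanent
    approvers: frozenset = frozenset()
    breakglass: bool = False


@dataclass(frozen=True)
class Grant:
    requester: str
    resource: str
    expires_at: Optional[datetime]

    def valid_at(self, now: datetime) -> bool:
        return self.expires_at is None or now < self.expires_at


@dataclass
class Authorizer:
    audit_log: list = field(default_factory=list)

    def decide(self, req: AccessRequest, now: datetime):
        """Return (grant, reasons): a Grant on success, else None plus why."""
        ctl = TIER_CONTROLS[req.tier]
        if req.breakglass:
            # Emergency override: no approvers needed, but short-lived and
            # logged with its own event type so it is impossible to miss.
            self._audit("BREAKGLASS", req, now, [])
            return Grant(req.requester, req.resource, now + BREAKGLASS_TTL), []
        reasons = []
        if ctl["approvers"] > 0:
            if not JUSTIFICATION_RE.fullmatch(req.justification):
                reasons.append("business justification must be a ticket/incident id")
            others = req.approvers - {req.requester}     # no self-approval
            if len(others) < ctl["approvers"]:
                reasons.append(f"needs {ctl['approvers']} approver(s), has {len(others)}")
        if ctl["max_ttl"] is not None:
            if req.ttl is None:
                reasons.append("permanent access not permitted for this tier")
            elif req.ttl > ctl["max_ttl"]:
                reasons.append(f"ttl exceeds tier maximum of {ctl['max_ttl']}")
        if reasons:
            self._audit("DENY", req, now, reasons)
            return None, reasons
        expires = None if req.ttl is None else now + req.ttl
        self._audit("GRANT", req, now, [])
        return Grant(req.requester, req.resource, expires), []

    def _audit(self, event, req, now, reasons):
        self.audit_log.append({"event": event, "at": now.isoformat(),
                               "who": req.requester, "what": req.resource,
                               "tier": req.tier, "why": req.justification,
                               "reasons": reasons})


def demo(now=datetime(2024, 1, 1, tzinfo=timezone.utc)):
    """Constructed requests against one Authorizer; returns decisions and audit."""
    az = Authorizer()
    hs = dict(resource="prod-db", tier="highly_sensitive")
    out = {}
    out["public"] = az.decide(AccessRequest("alice", "wiki", "public"), now)
    out["standing"] = az.decide(AccessRequest("alice", **hs, justification="INC-42"), now)
    out["self_approved"] = az.decide(AccessRequest(
        "alice", **hs, justification="INC-42", ttl=timedelta(minutes=30),
        approvers=frozenset({"alice", "bob"})), now)
    out["mpa"] = az.decide(AccessRequest(
        "alice", **hs, justification="INC-42", ttl=timedelta(minutes=30),
        approvers=frozenset({"bob", "carol"})), now)
    out["breakglass"] = az.decide(AccessRequest("alice", **hs, breakglass=True), now)
    return out, az.audit_log
```

The check order matters: break-glass is evaluated first so that it still works when the ticketing system or the approvers are unavailable, which is the situation it exists for; everything else is denied by default and every outcome, including the break-glass grant, lands in the audit log.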

Designing for Recovery

Principle                  | Application
Go fast, guarded           | Move quickly during recovery, but inside policy guardrails rather than by disabling them
Minimize time dependencies | Don't let recovery wait on wall-clock events (for example, an expired credential or certificate that blocks the recovery path)
Know intended state        | Encode the complete intended configuration so the system can be rebuilt from it, not from memory
Emergency access           | The recovery path must keep working when the normal identity and control systems have failed

Zero Single Points of Failure

  • Every component has a backup
  • Every process has redundancy
  • Every region has failover
  • Every credential has rotation

Assume Breach

Design so attackers must breach ALL layers.